CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14114
https://notcve.org/view.php?id=CVE-2020-14114
22 Jul 2022 — information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. Se presenta una vulnerabilidad de filtrado de información en la APP Xiaomi SmartHome. Esta vulnerabilidad es causada por las llamadas ilegales de algunas interfaces JS confidenciales, que pueden ser explotadas por los atacantes para filtrar información confidencial • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=277 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11063 – SmartHome application has a broken access control vulnerability in its Web API Server
https://notcve.org/view.php?id=CVE-2019-11063
29 Aug 2019 — A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Una vulnerabilidad de control de acceso interr... • http://surl.twcert.org.tw/5LWQJ • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2704
https://notcve.org/view.php?id=CVE-2017-2704
22 Nov 2017 — Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 a... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •